[Mimedefang] Executable not caught

[Joseph Brennan]

I've put a complex email message I got yesterday at

http://www.columbia.edu/~brennan/virusmail.txt


A few mime parts down, see an executable attachment called
message.scr.

I'm trying to figure out how this got through without being
rejected.  Our filter has the usual filter_bad_filename routine
with scr as one of the bad extensions, and then later it has this

    if (filter_bad_filename($entity)) {
        if ($ext =~ /(pif|scr|cpl|com)/) {
            md_graphdefang_log('virus',"bad_filename_1 $fname $type");
            return action_bounce("Bad attachment");
        }

...so that we reject all messages with scr files.

So, is it my filter or is it Mimedefang generally?  I'd appreciate
it if someone else would try sending that message through your
Mimedefang filter.

Beware: that part is a virus, in mail pretending to be from me.


Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York